Individual Client Message Count Alerting

I have my DNS servers logging to Graylog. One use case I’d like to use Graylog for is to detect someone abusing the DNS servers. Let’s say a broken client keeps banging away at the DNS or even DHCP servers. I would use the message count alert condition, but how would I alert on an individual client creating these messages? I guess the same would be true for switchport link flapping. Message count alert condition and somehow identifying the individual client.

Any ideas?


Heyo @burd
There is a plugin for your use case :slight_smile:


Thank you, I’ll check it out!
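
The per-client counting asked about in this thread, as an added example that is not part of the original posts and is not the plugin's code: a message-count threshold grouped by source address over a sliding window, with a cooldown so one noisy client raises one alert. The log line format, threshold, window and cooldown values are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line shape: "<ISO timestamp> client <ip>#<port>: query: ..."
LINE_RE = re.compile(r"^(?P<ts>\S+) client (?P<client>[0-9a-fA-F.:]+)#\d+")

def parse(line):
    """Return (timestamp, client_ip), or None for lines without a client field."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["client"]

def noisy_clients(lines, threshold=5, window=timedelta(seconds=10),
                  cooldown=timedelta(seconds=60)):
    """Alert when a single client exceeds `threshold` messages inside `window`."""
    recent = defaultdict(deque)   # client -> timestamps still inside the window
    last_alert = {}               # client -> time of its most recent alert
    alerts = []
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue              # unparseable lines are skipped, not counted
        ts, client = parsed
        q = recent[client]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        cooled = client not in last_alert or ts - last_alert[client] >= cooldown
        if len(q) > threshold and cooled:
            last_alert[client] = ts
            alerts.append((client, ts, len(q)))
    return alerts

def sample_lines():
    """Constructed input: one client hammering the server, one behaving normally."""
    base = datetime(2024, 1, 15, 10, 0, 0)
    events = [(base + timedelta(seconds=i), "10.0.0.5") for i in range(8)]
    events += [(base + timedelta(seconds=20 * i), "10.0.0.9") for i in range(3)]
    events.sort()
    lines = [f"{ts.isoformat()} client {ip}#53124: query: example.com IN A"
             for ts, ip in events]
    return lines + ["garbage line without a client field"]

if __name__ == "__main__":
    for client, ts, count in noisy_clients(sample_lines()):
        print(f"{ts.isoformat()} {client} sent {count} messages inside the window")
```

The same grouping applies to DHCP requests or switchport link-flap messages once the key (client MAC, switch and port) is extracted instead of the source IP.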
